汇总 atcom 相关全部产品的 CVE 与安全漏洞情报,包括 CVSS、EPSS、公开时间与漏洞情报数据。
历史漏洞主要涉及 SQL 注入与跨站脚本 等问题,部分漏洞可能导致 会话劫持,并影响 生产负载与软件部署 相关场景。
相关漏洞数据主要来源于公开漏洞披露与安全公告,可用于评估历史漏洞暴露面与修复优先级。
| CVE | 摘要 | 来源 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|---|
| CVE-2019-12328 | A command injection (missing input validation) issue in the remote phonebook configuration URI in the web interface of the Atcom A10W VoIP phone with firmware 2.6.1a2421 allows an authenticated remote attacker in the same network to trigger OS commands via shell metacharacters in a POST request. | [email protected] | 9.0 | 4.21% | 2019-07-22 | 2026-06-16 |
| CVE-2014-2318 | SQL injection vulnerability in ATCOM Netvolution 3 allows remote attackers to execute arbitrary SQL commands via the m parameter. | [email protected] | 7.5 | 2.07% | 2014-03-11 | 2026-06-16 |
| CVE-2011-3340 | SQL injection vulnerability in ATCOM Netvolution 2.5.8 ASP allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header. | [email protected] | 7.5 | 2.04% | 2011-10-21 | 2026-06-16 |
| CVE-2010-4967 | SQL injection vulnerability in default.asp in ATCOM Netvolution 2.5.6 allows remote attackers to execute arbitrary SQL commands via the artID parameter. | [email protected] | 7.5 | 2.09% | 2011-10-21 | 2026-06-16 |
| CVE-2010-4966 | Cross-site scripting (XSS) vulnerability in default.asp in ATCOM Netvolution allows remote attackers to inject arbitrary web script or HTML via the query parameter in a Search action. | [email protected] | 4.3 | 1.46% | 2011-10-21 | 2026-06-16 |
| CVE-2009-5103 | Cross-site scripting (XSS) vulnerability in ATCOM Netvolution 1.0 ASP allows remote attackers to inject arbitrary web script or HTML via the email variable. | [email protected] | 4.3 | 2.56% | 2011-10-21 | 2026-06-16 |
| CVE-2009-5102 | SQL injection vulnerability in default.asp in ATCOM Netvolution 1.0 ASP allows remote attackers to execute arbitrary SQL commands via the bpe_nid parameter. | [email protected] | 7.5 | 2.05% | 2011-10-21 | 2026-06-16 |